On Thursday 15 December 2005 11:51, you wrote:
> According to that chapter in the book, the password itself is not
> "encrypted" ( by which you seem to actually mean obfuscated, which is
> entirely different ), instead the entire file is encrypted using
> windows' EFS. That WOULD allow you, as the owner of the file, to open
> it and see the password with notepad, but other users would be denied
> access, and if someone plugged the disk into another computer and tried
> to look at the file with say, a hex editor on the raw partition, they
> would only find encrypted data.
The book is wrong. :-) On Win32, and only Win32, it will encrypt the
password. Take a look at one of the files in
%APPDATA%\Subversion\auth\svn.simple. You'll see that the passtype is
"wincrypt", which is Branko used to encrypt your password with some
logon-related information.
> Looking at my auth cache on this win2k machine though, it does NOT
> appear that the file is encrypted, because the "Encrypt contents to
> secure data" attribute is not set according to explorer, so it does seem
> that this is broken.
Look in the file, you'll see what I mean. :-)
-John
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Dec 15 23:20:46 2005